Diffstat (limited to 'libgo/go/crypto/aes/aes_gcm.go')
-rw-r--r-- | libgo/go/crypto/aes/aes_gcm.go | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/libgo/go/crypto/aes/aes_gcm.go b/libgo/go/crypto/aes/aes_gcm.go
index 1377578950..3e5e2359d8 100644
--- a/libgo/go/crypto/aes/aes_gcm.go
+++ b/libgo/go/crypto/aes/aes_gcm.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

-// +build amd64
+// +build ignore
+// -build amd64

 package aes

@@ -45,9 +46,12 @@ var errOpen = errors.New("cipher: message authentication failed")
 // will use the optimised implementation in this file when possible. Instances
 // of this type only exist when hasGCMAsm returns true.
 type aesCipherGCM struct {
- aesCipher
+ aesCipherAsm
 }

+// Assert that aesCipherGCM implements the gcmAble interface.
+var _ gcmAble = (*aesCipherGCM)(nil)
+
 // NewGCM returns the AES cipher wrapped in Galois Counter Mode. This is only
 // called by crypto/cipher.NewGCM via the gcmAble interface.
 func (c *aesCipherGCM) NewGCM(nonceSize int) (cipher.AEAD, error) {
@@ -96,6 +100,9 @@ func (g *gcmAsm) Seal(dst, nonce, plaintext, data []byte) []byte {
 if len(nonce) != g.nonceSize {
 panic("cipher: incorrect nonce length given to GCM")
 }
+ if uint64(len(plaintext)) > ((1<<32)-2)*BlockSize {
+ panic("cipher: message too large for GCM")
+ }

 var counter, tagMask [gcmBlockSize]byte

@@ -134,6 +141,10 @@ func (g *gcmAsm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 if len(ciphertext) < gcmTagSize {
 return nil, errOpen
 }
+ if uint64(len(ciphertext)) > ((1<<32)-2)*BlockSize+gcmTagSize {
+ return nil, errOpen
+ }
+
 tag := ciphertext[len(ciphertext)-gcmTagSize:]
 ciphertext = ciphertext[:len(ciphertext)-gcmTagSize]

|
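Review bot: The added `// -build amd64` line in the first hunk is not a build constraint, since only `// +build` lines are interpreted, so it works purely as a reminder of the original tag. With `// +build ignore` in effect the file is excluded from the build, which means the length checks added to Seal and Open further down are not compiled in this tree. If a generic GCM implementation runs in its place, the same bound has to be enforced there; the diffstat is limited to this one file, so that cannot be confirmed from this page. A short comment beside the tag, for example `// Disabled for this port; the upstream constraint was amd64.`, would make the intent explicit for whoever re-enables the file.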
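Review bot: The bound `((1<<32)-2)*BlockSize` in the Seal hunk is an unexplained magic number, and it is repeated as `((1<<32)-2)*BlockSize+gcmTagSize` in the Open hunk. It matches GCM's per-message limit of 2^32-2 blocks, which follows from the 32-bit block counter (NIST SP 800-38D); beyond that the counter would wrap and keystream would repeat under the same nonce. I would add a comment such as `// GCM's 32-bit counter allows at most 2^32-2 blocks per nonce (NIST SP 800-38D).` above the Seal check, or name the value once and use it in both checks so they cannot drift apart. Both function bodies continue outside their hunks.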